The present embodiments relate to an RFID tag.
Radio Frequency Identification (RFID) is a technology with which a unique identification number (ID) may be allocated to products or physical objects, such as, for example, identification documents, components, spare parts, containers, packaging or transport containers, and may be read out with radio technology.
In a number of technical applications, different entities (e.g., devices, computers, persons) conventionally communicate with one another, exchange data, or instigate actions. A one-way or two-way authentication of the entities involved often takes place at the start of a communication of this type. This normally takes place via a challenge-and-response protocol.
The sequence of a protocol of this type is shown below using the example of a simple, one-way authentication. Here, the entity B attempts to authenticate itself to the entity A. For this purpose, the entities A and B possess the following information and methods.
The entity B has information K(B) and a method AUTH for generating the authentication information contained in the response. The entity A has a sufficient amount of information K′(B) on K(B) and a suitable method PRÜF with which the entity A may ascertain whether the entity B is actually in possession of K(B).
The sequence of authentication of the entity B by the entity A may then run as follows: 1) The entity A transmits a prompt (e.g., challenge) for authentication to the entity B; 2) The entity B answers with a response or response message (e.g., answer), into which K(B) is incorporated in a suitable manner using the method AUTH; and 3) The entity A checks with the method PRÜF and the information K′(B) whether the entity B is actually in possession of K(B).
In the simplest form of an authentication method of this type, the authentication information K(B) is a password (PIN), and AUTH is the output routine responding to the challenge. The challenge is invariable and consists of the prompt to enter the password. K′(B) is similarly the password (e.g., in encrypted form).
In more complex methods offering a higher level of security, K(B) and K′(B) are cryptographic keys, AUTH and PRÜF are based on cryptographic algorithms (e.g., symmetric or asymmetric), and the challenge is frequently a random number and is included in the calculation of the response.
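The two forms described above can be compared side by side in the following added example, which is not part of the original text. It assumes HMAC-SHA-256 as the symmetric algorithm behind AUTH and PRÜF and a salted PBKDF2 hash as the stored form of the password; all function names, the PIN, and the salt are constructed for illustration. A response recorded from one honest run is presented again in a later run: the password form accepts it because the challenge never enters the response, while the random-challenge form rejects it.

```python
import hashlib
import hmac
import secrets

SALT = b"constructed-salt"   # constructed sample value
PROMPT = b"enter password"   # the invariable challenge of the simple form


def stored_form(password: bytes) -> bytes:
    """K'(B) for the password form: a salted hash, not the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password, SALT, 100_000)


def auth_password(k_b: bytes, challenge: bytes) -> bytes:
    """AUTH as a plain output routine: the challenge does not enter the response."""
    return k_b


def pruef_password(k_prime_b: bytes, challenge: bytes, response: bytes) -> bool:
    return hmac.compare_digest(stored_form(response), k_prime_b)


def auth_mac(k_b: bytes, challenge: bytes) -> bytes:
    """AUTH as a keyed MAC: the random challenge is included in the calculation."""
    return hmac.new(k_b, challenge, hashlib.sha256).digest()


def pruef_mac(k_prime_b: bytes, challenge: bytes, response: bytes) -> bool:
    return hmac.compare_digest(auth_mac(k_prime_b, challenge), response)


def authenticate(auth, pruef, k_b, k_prime_b, challenge):
    """Steps 1-3: A sends the challenge, B answers via AUTH, A checks via PRÜF."""
    response = auth(k_b, challenge)
    return response, pruef(k_prime_b, challenge, response)


def recorded_response_accepted(auth, pruef, k_b, k_prime_b, next_challenge) -> bool:
    """Record one honest run, then present the old response in a later run."""
    recorded, ok = authenticate(auth, pruef, k_b, k_prime_b, next_challenge())
    assert ok  # the honest run itself must pass
    return pruef(k_prime_b, next_challenge(), recorded)


def demo():
    pin, key = b"4711", secrets.token_bytes(32)  # constructed K(B) values
    static = recorded_response_accepted(
        auth_password, pruef_password, pin, stored_form(pin), lambda: PROMPT)
    fresh = recorded_response_accepted(
        auth_mac, pruef_mac, key, key, lambda: secrets.token_bytes(16))
    return static, fresh
```
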
In the case of two-way authentication, two protocols of this type normally run, wherein the entities A and B exchange roles in the second authentication.
It is a prerequisite for all these forms of authentication methods that the technical facility for communication between A and B exists (e.g., in that a chip card is inserted into a reading device or an RFID tag is located in the field of a reading device).
A common feature of all these authentication methods is that the readiness for communication, at least for the purpose of the authentication method, is implicitly required in both communication partners A and B. In the case of the authentication of a contact-based chip card, this readiness for communication is actually associated with a deliberate action (e.g., the insertion of the card into a reading device). The readiness of the reading device for communication is normally provided automatically. However, a different situation exists in the case of contactless chip cards and RFID tags, both active and passive. The readiness for communication is, for example, directly associated with the relevant technical facility.
In practice, this readiness to start communication between the checking entity A (e.g., reading device) and the entity B (RFID tag) authenticating itself is linked directly to the technical facility for communication by the following automatically running procedure. The reading device emits pulses at short intervals in a broadcast-like manner and in this way repeatedly builds up an energy field around itself. RFID tags that are located in this field or enter this field are activated and transmit to the reading device initial information (ID, type, and the like) on their own entity, to which the reading device then attunes itself for further communication.
The actual communication between the reading device and the RFID tag then starts (e.g., following the interposition of a further protocol for collision handling). A one-way or two-way authentication may take place at the start. In the method sequence described, the entity B (the RFID tag) essentially cannot prevent the presence of entity B in the vicinity of entity A from being known to the entity A (e.g., the reading device). However, there are situations in which this information already has harmful effects, even if the subsequent authentication method is unsuccessfully aborted. This situation arises, for example, if the entity B does not wish to disclose its own presence at a specific location to unauthorized parties. The motivation for this may, for example, be for reasons of data protection or privacy. However, there are, above all, authentication scenarios from the domain of national security and from military applications in which the automatic generation and transmission of a “first response” is already highly disadvantageous on the grounds of a preceding untargeted activation action alone.